FROM l.gcr.io/google/bazel:latest as bazel

ENV APP_VERSION=0.13.0

RUN apt-get update \
    && apt-get install make automake -y --no-install-recommends

RUN git clone --branch v${APP_VERSION} \
    https://github.com/jetstack/cert-manager.git /src/cert-manager/

WORKDIR /src/cert-manager/

RUN bazel build --stamp --workspace_status_command=hack/build/print-workspace-status.sh //cmd/controller \
 && bazel build --stamp --workspace_status_command=hack/build/print-workspace-status.sh //cmd/cainjector \
 && bazel build --stamp --workspace_status_command=hack/build/print-workspace-status.sh //cmd/webhook \
 && bazel build --stamp --workspace_status_command=hack/build/print-workspace-status.sh //cmd/acmesolver

# Find and copy all hashicorp dependencies which has been published on MPL license
RUN for dep in `find $(bazel info execution_root)/../../external/ -maxdepth 1 -type d -iname "*hashicorp*"`; \
    do cp -r $dep /src/vendor/; done


# Result Image
FROM marketplace.gcr.io/google/debian9

ENV C2D_RELEASE=0.13.0
ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt

# Non root
RUN useradd -r -u 1000 cert-manager

# License and Notices
COPY --from=bazel /src/cert-manager/LICENSE /usr/share/cert-manager/LICENSE
COPY --from=bazel /src/cert-manager/LICENSES /usr/share/cert-manager/NOTICES

# Copy source code of dependencies which requires the copy
COPY --from=bazel /src/vendor /src/vendor

# App files
COPY --from=bazel /src/cert-manager/bazel-bin/cmd/controller/linux_amd64_pure_stripped/controller app/
COPY --from=bazel /src/cert-manager/bazel-bin/cmd/cainjector/linux_amd64_pure_stripped/cainjector app/
COPY --from=bazel /src/cert-manager/bazel-bin/cmd/webhook/linux_amd64_pure_stripped/webhook app/
COPY --from=bazel /src/cert-manager/bazel-bin/cmd/acmesolver/linux_amd64_pure_stripped/acmesolver app/

USER cert-manager
